Reading notes: Understanding OAuth2
OAuth is an open standard for delegated authorization that is widely used worldwide; the current version is 2.0. Today I tried setting up a working environment. These notes are only a record of what I learned.
Reference sources:
http://oauth.net/2/
http://bshaffer.github.io/oauth2-server-php-docs/cookbook/
Database table preparation:
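-- Schema for the OAuth2 server's PDO storage (MySQL dump, reformatted).
-- The identifier quoting, keywords and some column lengths were damaged on the
-- page this listing comes from; the statements below restore valid MySQL.
--
-- Review notes for anyone reusing this schema outside a local demo:
--   * Tokens, authorization codes and client secrets are stored in cleartext,
--     so read access to this database is equivalent to holding every
--     credential in it. Restrict the database account accordingly.
--   * The token/code tables have no primary key or unique index, so nothing in
--     the schema prevents duplicate token values.
--   * `expires` carries ON UPDATE CURRENT_TIMESTAMP: any UPDATE that does not
--     set `expires` explicitly moves it to the time of the update.

-- --------------------------------------------------------
-- Table structure for `oauth_access_tokens`
-- --------------------------------------------------------
CREATE TABLE IF NOT EXISTS `oauth_access_tokens` (
  `access_token` text,
  `client_id` text,
  `user_id` text,
  `expires` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
  `scope` text
) ENGINE=InnoDB DEFAULT CHARSET=utf8;

-- --------------------------------------------------------
-- Table structure for `oauth_authorization_codes`
-- --------------------------------------------------------
CREATE TABLE IF NOT EXISTS `oauth_authorization_codes` (
  `authorization_code` text,
  `client_id` text,
  `user_id` text,
  `redirect_uri` text,
  `expires` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
  `scope` text,
  `id_token` text
) ENGINE=InnoDB DEFAULT CHARSET=utf8;

-- --------------------------------------------------------
-- Table structure for `oauth_clients`
-- --------------------------------------------------------
CREATE TABLE IF NOT EXISTS `oauth_clients` (
  `client_id` text,
  `client_secret` text,
  `redirect_uri` text
) ENGINE=InnoDB DEFAULT CHARSET=utf8;

--
-- Data for table `oauth_clients`
-- Demo client with a fixed, guessable secret and a loopback redirect URI;
-- replace both before the server is reachable by anyone else.
--
INSERT INTO `oauth_clients` (`client_id`, `client_secret`, `redirect_uri`) VALUES
('DemoApp', 'demopass', 'http://127.0.0.1/tp/index.php');

-- --------------------------------------------------------
-- Table structure for `oauth_public_keys`
-- `private_key` sits next to `public_key` in the same row, so the signing key
-- is only as well protected as this table.
-- NOTE(review): the lengths of `client_id` and `encryption_algorithm` were lost
-- on the page; 80 and 100 follow the library's documented schema -- confirm.
-- --------------------------------------------------------
CREATE TABLE IF NOT EXISTS `oauth_public_keys` (
  `client_id` varchar(80) DEFAULT NULL,
  `public_key` varchar(8000) DEFAULT NULL,
  `private_key` varchar(8000) DEFAULT NULL,
  `encryption_algorithm` varchar(100) DEFAULT 'RS256'
) ENGINE=InnoDB DEFAULT CHARSET=utf8;

-- --------------------------------------------------------
-- Table structure for `oauth_refresh_tokens`
-- --------------------------------------------------------
CREATE TABLE IF NOT EXISTS `oauth_refresh_tokens` (
  `refresh_token` text,
  `client_id` text,
  `user_id` text,
  `expires` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
  `scope` text
) ENGINE=InnoDB DEFAULT CHARSET=utf8;

-- --------------------------------------------------------
-- Table structure for `oauth_scopes`
-- --------------------------------------------------------
CREATE TABLE IF NOT EXISTS `oauth_scopes` (
  `scope` text,
  `is_default` tinyint(1) DEFAULT NULL
) ENGINE=InnoDB DEFAULT CHARSET=utf8;

-- --------------------------------------------------------
-- Table structure for `oauth_users`
-- NOTE(review): the length of `password` was lost on the page; 2000 follows the
-- library's documented schema -- confirm. Check how the storage class hashes
-- this column before putting real user passwords in it.
-- --------------------------------------------------------
CREATE TABLE IF NOT EXISTS `oauth_users` (
  `username` varchar(255) NOT NULL,
  `password` varchar(2000) DEFAULT NULL,
  `first_name` varchar(255) DEFAULT NULL,
  `last_name` varchar(255) DEFAULT NULL
) ENGINE=InnoDB DEFAULT CHARSET=utf8;

--
-- Indexes for table `oauth_users`
--
ALTER TABLE `oauth_users`
  ADD PRIMARY KEY (`username`);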
OAuth2 Library Address: https://github.com/bshaffer/oauth2-server-php
I placed the library in vendor/oauth2.
Authorization Request Class:
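<?php
namespace Api\Controller;

/**
 * HTTP endpoints for the OAuth2 authorization and token flows.
 *
 * The server, request and response objects used here are the protected
 * properties set up by the parent constructor.
 *
 * NOTE(review): namespace and class-name casing was flattened on the page this
 * listing comes from. PHP resolves class names case-insensitively, but on a
 * case-sensitive file system the names must match what the autoloader expects.
 */
class Oauth2Controller extends \Org\OAuth2\Controller
{
    public function __construct()
    {
        parent::__construct();
    }

    /**
     * Authorization endpoint: validates the request, issues an authorization
     * code and prints it as JSON.
     *
     * @return void Output is written directly to the response.
     */
    public function authorize()
    {
        // Reject an invalid authorize request before any code is issued; the
        // library fills the response with the error to return.
        if (!$this->oauth_server->validateAuthorizeRequest($this->oauth_request, $this->oauth_response)) {
            $this->oauth_response->send();
            die;
        }

        // SECURITY: the third argument is the resource owner's consent decision.
        // It is hard-coded to true and no user id is passed, so every request
        // that passes validation is approved without a login or a consent
        // screen, and the issued code is not bound to any user. Acceptable for
        // a local walkthrough only; a real endpoint authenticates the user,
        // asks for consent and passes the result and the user's id here.
        $this->oauth_server->handleAuthorizeRequest($this->oauth_request, $this->oauth_response, true);

        // This is only here so that you get to see your code in the cURL
        // request. Otherwise, we'd redirect back to the client.
        // The code is read from the query string of the Location header; the
        // original fixed-offset substr() returned unrelated text when the
        // header was missing or carried no "code=" parameter.
        $location = (string) $this->oauth_response->getHttpHeader('Location');
        $code = null;
        $query = parse_url($location, PHP_URL_QUERY);
        if (is_string($query)) {
            parse_str($query, $params);
            if (isset($params['code'])) {
                $code = $params['code'];
            }
        }

        // Printing the code in the body exposes it to whoever receives this
        // response; normally only the registered redirect URI receives it.
        echo json_encode(['code' => $code]);

        // NOTE(review): send() follows body output, so the redirect headers can
        // only be emitted if output buffering is active -- confirm.
        $this->oauth_response->send();
    }

    /**
     * Token endpoint: hands the incoming request to the OAuth2 server and
     * sends the response it produces.
     *
     * @return void
     */
    public function token()
    {
        $this->oauth_server->handleTokenRequest(\OAuth2\Request::createFromGlobals())->send();
    }
}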
The classes that wrap the OAuth2 library's request handling are placed in org/oauth2:
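<?php
// File 1 of 2: base controller that wires up the OAuth2 server.
namespace Org\OAuth2;

/**
 * Base controller: builds the storage, server, request and response objects
 * that the OAuth2 endpoints and protected resources share.
 *
 * NOTE(review): namespace casing was flattened on the page this listing comes
 * from; it must match the directory layout on a case-sensitive file system.
 */
class Controller
{
    protected $oauth_server;
    protected $oauth_storage;
    protected $oauth_request;
    protected $oauth_response;

    public function __construct()
    {
        // Autoloading (composer is preferred, but for this example let's just do this)
        // require_once(VENDOR_PATH . '/oauth2/autoloader.php');
        // \OAuth2\Autoloader::register();

        // The DSN is the Data Source Name for your database, for example
        // "mysql:dbname=my_oauth2_db;host=localhost".
        // Connection settings come from the application configuration via C().
        // The PDO storage reads the lowercase keys 'dsn', 'username', 'password'.
        $this->oauth_storage = new \OAuth2\Storage\Pdo(array(
            'dsn'      => C('DSN'),
            'username' => C('USERNAME'),
            'password' => C('PASSWORD'),
        ));

        // Pass a storage object or array of storage objects to the OAuth2 server class
        $this->oauth_server = new \OAuth2\Server($this->oauth_storage);

        // Add the "Client Credentials" grant type (it is the simplest of the grant types).
        // With this grant, knowing a client_id/client_secret pair is enough to
        // obtain a token, so client secrets need the same care as passwords.
        $this->oauth_server->addGrantType(new \OAuth2\GrantType\ClientCredentials($this->oauth_storage));

        // Add the "Authorization Code" grant type (this is where the OAuth magic happens)
        $this->oauth_server->addGrantType(new \OAuth2\GrantType\AuthorizationCode($this->oauth_storage));

        $this->oauth_request = \OAuth2\Request::createFromGlobals();
        $this->oauth_response = new \OAuth2\Response();
    }
}

<?php
// File 2 of 2: base class for controllers that expose protected resources.
namespace Org\OAuth2;

/**
 * Base class for protected resources: the constructor verifies the access
 * token on the incoming request and stops the request when verification fails.
 */
class Resource extends Controller
{
    // Data of the verified access token, as returned by the resource controller.
    protected $tokenData;

    public function __construct()
    {
        parent::__construct();

        // Handle a request to a resource and authenticate the access token.
        // No scope is passed, so any valid token is accepted for every
        // subclass; pass a required scope here if resources need separation.
        if (!$this->oauth_server->verifyResourceRequest(\OAuth2\Request::createFromGlobals())) {
            $this->oauth_server->getResponse()->send();
            die;
        }

        // Property names are case-sensitive in PHP: this must be $tokenData,
        // the declared property, or subclasses read null.
        $this->tokenData = $this->oauth_server->getResourceController()->getToken();
    }
}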
Test class:
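<?php
namespace Api\Controller;

/**
 * Sample protected resource. The parent constructor verifies the access token
 * and ends the request when it is invalid, so the actions below only run for
 * requests that carry a valid token.
 */
class TestController extends \Org\OAuth2\Resource
{
    public function __construct()
    {
        parent::__construct();
    }

    /**
     * Prints a fixed JSON success message.
     *
     * @return void
     */
    public function test()
    {
        // NOTE(review): the value of 'success' was lost on the page this
        // listing comes from; true matches the library's cookbook example.
        echo json_encode(array('success' => true, 'message' => 'You accessed my apis!'));
    }

    /**
     * Prints the data of the access token used for this request.
     * Debugging aid: the output is the full token record held by the parent
     * class, so leave it out of anything that is not a test deployment.
     *
     * @return void
     */
    public function getToken()
    {
        // $tokenData is the property declared by the parent class; property
        // names are case-sensitive, so the lowercase spelling would read null.
        echo json_encode(['token' => $this->tokenData]);
    }
}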
Configuration file:
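<?php
// Application configuration: registers the OAuth2 library's autoloader and
// returns the settings read through C() by the OAuth2 base controller.
require_once(VENDOR_PATH . '/oauth2/autoloader.php');
OAuth2\Autoloader::register();

return array(
    // 'config item' => 'config value'
    'AUTOLOAD_NAMESPACE' => array('OAuth2' => VENDOR_PATH . 'oauth2/'), // extension module list

    // Database connection used by the OAuth2 PDO storage.
    // SECURITY: this connects as root with an empty password. The account has
    // full control of the database server and of every stored token and client
    // secret. Outside a throwaway local setup, use a dedicated account limited
    // to the oauth_* tables, give it a strong password and keep that password
    // out of version control.
    'DSN'      => 'mysql:host=localhost;dbname=oauth2',
    'USERNAME' => 'root',
    'PASSWORD' => '',
);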
A simple OAuth2 example built on TP